The US Treasury Department has announced economic sanctions against individuals and companies linked to a Russia-based intermediary network accused of stealing and selling cyber tools. These sanctions represent the first use of a newly enacted law targeting the purchase and sale of some US government cybersecurity tools via cryptocurrency to third parties.
Operation Zero and Sanctions Against Zelenyuk
To the sanctions list, St. Some individuals and companies associated with St. Petersburg-based Sergey Sergeyevich Zelenyuk and his Operation Zero were included. Operation Zero, founded by Zelenyuk, allegedly purchased various “exploit” tools that exploit software vulnerabilities without disclosing them to the public and sold these tools to unrelated third parties. The assets of the individuals and institutions on the list within the US borders were seized, and US citizens were prohibited from conducting transactions with these parties.
Stolen Defense Agents and Cryptocurrency Payments
It was reported that the cyber security tools provided by Operation Zero were developed by a US defense contractor only for the use of the state and certain allies, and a total of eight tools were seized. It was determined that these vehicles were stolen between 2022 and 2025 by Australian Peter Williams, a former employee of the contractor company.
It was stated that Williams sold cyber security tools to Operation Zero for millions of dollars of crypto money and pleaded guilty to two separate counts of trade secret theft following an investigation conducted in cooperation with the American Department of Justice and the Federal Bureau of Investigation.
First Implementation of the New Law and Additional Sanctions
Treasury Secretary Scott Bessent emphasized that the sanctions are a comprehensive defense effort against threats to sensitive American intellectual property. Bessent included the following statements in his statement:
It was announced that those who steal US trade secrets will be held accountable.
It was reported that the sanctions were put into effect based on Presidential Decree No. 13694, which is implemented against activities that threaten the cyber security of the USA. In addition, additional sanctions were enacted by the Department of State under the Protecting American Intellectual Property Act. This law includes regulations that penalize the use of US-origin trade secrets abroad, especially in a way that poses a national security threat. Zelenyuk and Operation Zero were the first parties to be sanctioned by this law.
Similar sanctions were also imposed on various individuals and organizations in connection with the network, including Marina Vasanovich and the United Arab Emirates-based company Special Technology Services LLC FZ. Oleg Kucherov and Azizjon Mamashoyev were included in the list because they supported the network. It was noted that Kucherov was linked to the Trickbot group, which is known for ransomware attacks against areas such as US public institutions and the healthcare sector.
It was stated that Operation Zero runs openness bounty programs targeting widely used operating systems and encrypted messaging platforms in the United States, rewarding millions of dollars worth of cryptocurrencies. However, instead of reporting the security vulnerabilities to the relevant software companies, it was reported that they mainly sold to customers in countries that are not allies of the USA.
While the Ministry of Treasury pointed out that crypto money was used in money laundering transactions, no information was shared about which digital wallets were involved in these activities.
